[jira] [Commented] (CASSANDRA-17848) LIST PERMISSION can display incorrect resource name

[Yifan Cai (Jira)]

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-17848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17630665#comment-17630665
 ] 

Yifan Cai commented on CASSANDRA-17848:
---------------------------------------

The root cause of the confusing value for the {{resource}} column is located at 
{{org.apache.cassandra.auth.FunctionResource#fromName}}. The implementation 
assumes the special characters (i.e. /, [ and ]) are not used in the function 
name, and uses those characters to parse the encoded function name string read 
from role_permissions table. 
However, quoted text is allowed as function names. It is permitted to have 
those characters in the function names, which breaks the parsing logic. 

In addition to the example in the description, it is allowed to create a 
function with `/` in the name, as long as it is quoted. 
{code:java}
CREATE FUNCTION cql_test_keyspace."my/amazing/udf"(input int) RETURNS NULL ON 
NULL INPUT RETURNS int LANGUAGE java AS 'return 42;';
{code}
Once the UDF is created, listing permission on the role breaks since `/` is 
used to determine if a resource is valid or not. 

> LIST PERMISSION can display incorrect resource name
> ---------------------------------------------------
>
>                 Key: CASSANDRA-17848
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17848
>             Project: Cassandra
>          Issue Type: Bug
>          Components: CQL/Interpreter
>            Reporter: Yifan Cai
>            Assignee: Yifan Cai
>            Priority: Normal
>
> When producing the resource name, it seems to assume that the content in the 
> `[]` is the function's input type, where it could also be part of the 
> function name, as long as it is quoted. Here is an example to reproduce. In 
> cqlsh,
> {code:java}
> > CREATE FUNCTION 
> > test."admin_created_udf[org.apache.cassandra.db.marshal.LongType]"(input 
> > int) RETURNS NULL ON NULL INPUT RETURNS int LANGUAGE java AS 'return 42;';
> > LIST EXECUTE OF user;
>  role  | username | resource                                | permission
> -------+----------+-----------------------------------------+------------
>  user  |    user  | <function test.admin_created_udf(long)> |    EXECUTE
> (1 rows)
> {code}
> The input should be "int", but in the output, it says "long". 
> If the content enclosed by "[]" is not a valid class, the LIST PERMISSION 
> request always fails for the user with "ConfigurationException: Unable to 
> find abstract-type class".
> The bug is discovered by Piotr Sarna.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org